[Beta] Asuswrt-Merlin 384.10 Beta is now available

[skeal]

For creating .crt for HTTPS access use this: (Must have Pixelserv-tls installed stand alone or with Diversion) https://github.com/kvic-z/pixelserv...ixelserv-CA-to-issue-a-certificate-for-WebGUI

 

[Sonyrolfy]

No leftovers when ticked default. Keys/cert are empty. RT86U. Beta3. However, system-log mentions at/by upload (Resetting client (unit 3) to default settings) ?

system-log:

Upload: openvpn: Resetting client (unit 4) to default settings (All keys/certs & Crypto Settings are in)
Default: rc_service: httpds 758:notify_rc stop_vpnclient4;clearvpnclient
openvpn: Resetting client (unit 4) to default settings (Keys/cert are empty)

 

[AntonK]

For creating .crt for HTTPS access use this: (Must have Pixelserv-tls installed stand alone or with Diversion) https://github.com/kvic-z/pixelserv-tls/wiki/[ASUSWRT]-Use-Pixelserv-CA-to-issue-a-certificate-for-WebGUI

Thank you!
Anton.

 

[RMerlin]

However, system-log mentions at/by upload (Resetting client (unit 3) to default settings) ?

This is normal. A default reset is always done before applying the uploaded file, as this is the only way to ensure that any previous leftover settings are removed (the ovp file you upload does not replace anything, it gets parsed and converted into nvram settings, so it cannot know about what non-default settings were previously there). Only a few settings are unaffected (like client name and policy rules).

 

[roundaway]

Beta 3 dirty flashed on RT-AC66_B1. OpenVPN server working fine with one android client connected. Good speeds.

 

[ksyoon70]

Since updated from 384.8_2, In my external disk, smb file transfer speed is extremely slow. I tested it on Windows and macOS. Both are same.

 

[RamGuy]

After installing BETA3 on my RT-AX88U the entire DHCP-Static List got wiped. Luckily I had a backup of it in txt so I could just dump it back using SSH but I found this rather awkward.

EDIT:

My static routes and port forwards was gone as well.

EDIT2:

For some reason it's all gone after a reboot. I'll try to wipe it and see if it helps.

 

[John Adler]

beta 3 working very stable.
even with many changes I did on my setup.
testing a lot yesterday.
thxs guys for the list to optimize the router

 

[MarkRH]

https://www.snbforums.com/threads/tool-to-manage-your-own-certificate-authority.45062/

The nice thing with this is you can then sign your own certificate for all other devices on your LAN (for example if you have a NAS), then any browser already having your root CA imported will automatically recognize and accept that device's certificate without warnings.

Thanks for the pointer. I'll fiddle around with it later.

 

[Centrifuge]

Since updated from 384.8_2, In my external disk, smb file transfer speed is extremely slow. I tested it on Windows and macOS. Both are same.

Which router model, upgrade steps?

 

[Henk59]

Guys, please do some testing surrounding the OpenVPN key/certs, ensuring that you can still properly manage them: adding, removing (new with beta 3 - just clear the field to remove it), editing, etc...

Thanks!

Merlin,
My ovpn settings was unsupported after some years.
My VPN (provider) connection was therefore lost.
I'd first an FW update from 384.09 to 384.10B3 after that I click DEFAULT button on the VPN page.

I made the mistake that I edit/paste the crt keys on the wrong field Client Certificate instead of the Certificate Authority field.
Deleteting the Certicate field went fine.

OpenVPN works fine again.

Merlin, thank you for the 384.10B3 FW.

 

[dugaduga]

@Henk59 I did the exact same thing and I was unable to connect from that client.

Just updated to 384_10 beta 3, then rebooted again, result:

/tmp/home/root# nvram show | grep CERTIFICATE
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----

Should have looked immediately before I updated, previously when I only had one client ram was showing 52, but its up to 57 now; 57144 / 65536 bytes. And yes there are two certs in one client. Is there anyway to clear the certs manually in terminal without clearing Nvcache entirely?

 

[dugaduga]

Update Deleting the certs worked this time (great work!), though it doesn't clear previous ones from the cache either. Adding it back did not add it back into the cache though, good sign, and adding a second cert does not increase NVcache, yay!

 

[Jack Yaz]

Just updated to 384_10 beta 3, then rebooted again, result:

/tmp/home/root# nvram show | grep CERTIFICATE
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----

Should have looked immediately before I updated, previously when I only had one client ram was showing 52, but its up to 57 now; 57144 / 65536 bytes. And yes there are two certs in one client. Is there anyway to only clear the certs manually in terminal without clearing Nvcache entirely?

Isn't that what this does?

https://www.snbforums.com/threads/b...ta-is-now-available.55520/page-11#post-473701

 

[dugaduga]

Oh my gosh what a life saver, thank you @RMerlin, great work and @Jack_Yaz for pointing that out! Down to 51990 / 65536 bytes now. Looking better than ever, thanks guys.

 

[dugaduga]

Upon every handshake I get the following

Mar 23 05:59:08 ovpn-client1[11990]: WARNING: 'cipher' is used inconsistently, local='cipher BF-CBC', remote='cipher AES-256-CBC'
Mar 23 05:59:08 ovpn-client1[11990]: WARNING: 'keysize' is used inconsistently, local='keysize 128', remote='keysize 256'

Mar 23 05:59:10 ovpn-client1[11990]: Data Channel: using negotiated cipher 'AES-256-GCM'
Mar 23 05:59:10 ovpn-client1[11990]: Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Mar 23 05:59:10 ovpn-client1[11990]: Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key

Is the first two warnings just noise to ignore? I do not see BF-CBC anywhere in the settings.

 

[JemTheWire]

Since updating from beta 2 to beta 3 on my RT-AX88U (router mode), and RT-AC88U (access point) I have noticed a marked speed decrease in page load times.

On beta 2, the status bar of my browser whether Firefox or Chrome, I could see text stating performing TLS handshake etc. Now that happens so much faster I hardly have chance to read what it says!

Result.

Thanks Eric.

 

[ksyoon70]

Which router model, upgrade steps?

My router is RT-AC88U.

 

[RMerlin]

Upon every handshake I get the following

Mar 23 05:59:08 ovpn-client1[11990]: WARNING: 'cipher' is used inconsistently, local='cipher BF-CBC', remote='cipher AES-256-CBC'
Mar 23 05:59:08 ovpn-client1[11990]: WARNING: 'keysize' is used inconsistently, local='keysize 128', remote='keysize 256'

Mar 23 05:59:10 ovpn-client1[11990]: Data Channel: using negotiated cipher 'AES-256-GCM'
Mar 23 05:59:10 ovpn-client1[11990]: Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Mar 23 05:59:10 ovpn-client1[11990]: Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key

Is the first two warnings just noise to ignore? I do not see BF-CBC anywhere in the settings.

BF-CBC is the old default cipher. Just ignore that message, it typically happens when two OpenVPN client/servers rely on NCP to establish the cipher to use.

 

[RMerlin]

After installing BETA3 on my RT-AX88U the entire DHCP-Static List got wiped. Luckily I had a backup of it in txt so I could just dump it back using SSH but I found this rather awkward.

EDIT:

My static routes and port forwards was gone as well.

EDIT2:

For some reason it's all gone after a reboot. I'll try to wipe it and see if it helps.

The RT-AX88U stores these in the jffs partition. If that partition is corrupted/wiped/unmounted, then these settings will be lost.